webmail vulnerability

Discussion in 'General' started by dicko, May 6, 2010.

  1. dicko

    Without going into the details but having done a little forensic study on a third party machine, I suggest we all delete (or patch) any copy of html2text.php above our webroot.

    dicko
     
  2. rollinsolo

    I tried to locate the file name and could not locate it. I guess I'm OK there.
     
  3. Kalama Sutra

    hi dicko,

    <<and for others>>

    I found html2text.php in two locations:

    /var/www/html/mail/program/lib/html2text.php

    /var/www/html/mail/bin/html2text.php


    Would you suggest the patch process, please.


    << currently, can I get away for the moment renaming BOTH files to / .... / ..../ "xxhtml2text.php" ? until patched ??? >>

    Regards & Thanks from the community, ;)

    Jim
     
  4. dicko

    To be honest, I don't really care for webmail (who uses it anyway?), so my solution is to delete the whole kaboodle. I assume that roundcubemail have fixed it by now, and we at Elastix are notoriously slow in maintaining "upstream" third-party apps, which is why the vulnerability remains. So a quick grab of the latest roundcube is probably already patched; if you need and use it, I suggest you replace the current /var/www/mail/ directory with the latest and greatest from the "perps" :)


    dicko
     
  5. rollinsolo

    I agree. Most big businesses already have Exchange, or I push Google Apps because once again it's free and Google. I wish some of the features built in were optional modules that one could download and install as needed, so there would be fewer vulnerabilities that we would have to keep track of.
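
Added example, not part of the original thread or any poster's code: shell functions that locate every copy of html2text.php under a web root, record a SHA-256 of each for later comparison, and move the copies to a directory outside the web root so they can no longer be requested over HTTP. The function names and the quarantine directory are assumptions; /var/www/html is taken from the paths quoted in the thread, and both arguments are assumed to be absolute paths.

```shell
#!/bin/sh
# Added example: inventory and quarantine html2text.php under a web root.
# Function names and the quarantine location are hypothetical.

# Print every file named html2text.php (any case) below directory $1.
find_html2text() {
    find "$1" -type f -iname 'html2text.php' 2>/dev/null | sort
}

# Print "<sha256>  <path>" for each copy, so copies can be compared with
# each other and with the file shipped in a newer webmail release.
inventory_html2text() {
    find_html2text "$1" | while IFS= read -r f; do
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        printf '%s  %s\n' "$sum" "$f"
    done
}

# Move each copy found under web root $1 into quarantine directory $2.
# Refuses a quarantine directory inside the web root, because a file
# that stays below the web root can still be served.
quarantine_html2text() {
    root=$1
    qdir=$2
    case "$qdir"/ in
        "$root"/*)
            echo "quarantine dir must be outside $root" >&2
            return 1
            ;;
    esac
    mkdir -p "$qdir" && chmod 700 "$qdir" || return 1
    find_html2text "$root" | while IFS= read -r f; do
        # Flatten the original path into the file name to keep copies apart.
        dest="$qdir/$(printf '%s' "$f" | tr '/' '_').quarantined"
        mv -- "$f" "$dest" && chmod 000 "$dest" &&
            printf 'moved %s -> %s\n' "$f" "$dest"
    done
}

# Typical use (paths are examples):
#   inventory_html2text /var/www/html
#   quarantine_html2text /var/www/html /root/quarantine
```

Webmail code that includes the file will fail until the directory is replaced with a patched release, which matches the delete-or-replace options given in the thread.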
     